My current understanding of the situation is as follows:
- Intel devices with Boot Guard are virtually impossible, barring exploits.
- Intel devices without Boot Guard are challenging but possible, and in my opinion a device such as the Framework laptop will be supported relatively quickly, provided devices without Boot Guard are provided to the community. It is also easier if a similar device exists (e.g. the Chromebook version).
- AMD has Platform Secure Boot (PSB). This is done at the CPU level rather than the PCH level. This means if you bring your own CPU in a device with PSB, it is effectively vendor locked for the rest of its life!
- AMD PSB seems to be rare on laptops and consumer devices in general, with a focus on servers/workstations. Evidently, the Framework AMD version does not have it enabled, which allowed the coreboot port.
- Current AMD CPUs use AGESA, which is proprietary and interfaces with EFI. This is the equivalent to the Intel Firmware Support Package.
- My understanding is porting coreboot to current gen AMD devices is extremely difficult but technically possible because AGESA is designed for UEFI, and it is challenging to interface with it from non-UEFI firmware like coreboot to do things like sleep.
- OpenSIL is the replacement of AGESA. It is fully open source (!) and not specific to UEFI.
- Provided OpenSIL releases for a CPU used in a Framework laptop, and Framework does not enable PSB, I believe we will finally have a device where anyone can do development of a practical and eventually feature-complete coreboot port, even with continued lack of involvement by Framework.
Tangentially, another point against Boot Guard being enabled is that Framework cannot support a device with FW updates forever, so if a security issue is discovered, there may be no way for the community to fix it.